Senior Privacy and AI Counsel
About Abby Care
Abby Care is building the leading AI-native platform for family-led care. America faces a growing care crisis, with millions needing care at home but lacking the tools, training, or recognition they deserve. Abby Care aims to harness the power of families as the largest untapped caregiving workforce, using technology to enhance care quality and drive better outcomes.
The Opportunity
We are expanding our support for family caregivers at scale and are seeking a high-agency operator to join our Senior Privacy & AI Counsel team. Reporting to the General Counsel, you will oversee Abby Care's privacy and AI governance programs, ensuring compliance and driving innovation.
What You’ll Work On
Own Abby Care's privacy program — HIPAA compliance, state privacy law compliance, BAA program, data mapping and ROPA, privacy incident response, breach assessment and notification, and individual rights workflows.
Own Abby Care's AI governance program — the responsible AI policy suite, AI inventory, AI use case intake and review process, model risk classification, ongoing monitoring, and AI incident response.
Lead AI use case reviews for internal generative and agentic AI tools and for AI-powered features in Abby Care's product.
Set the SLAs and the review framework; escalate the hard cases to the GC.
Set regulatory change management strategy across federal and state privacy and AI law.
Serve as the senior legal partner to Product, Engineering, Operations and Clinical teams on the privacy and AI implications of new and existing features.
Own the BAA program end-to-end, including standard templates, fallback positions, vendor risk integration, and downstream subcontractor flow-downs.
Manage outside privacy and AI counsel relationships, including scope, budget, and quality of work product.
Hire, develop, and lead the privacy and AI team as it grows.
Partner with the General Counsel and Compliance leadership on Privacy Officer designation, training and awareness programs, and the integration of privacy and AI controls into the broader compliance program.
What Success Looks Like
In your first six months, you have taken full operational ownership of the privacy and AI governance programs from the General Counsel.
In your first twelve months, Abby Care's privacy program is operating against documented standards that you own, with active monitoring, a current data map, a refreshed BAA portfolio, and a tested incident response workflow.
In year two, the privacy and AI programs are running on a predictable cadence, with measurable improvements year over year and meaningful leverage from the team growing under you.
Requirements
JD from an accredited law school and active bar membership in good standing in at least one U.S. jurisdiction.
7+ years of legal experience, in-house or at a top law firm, with substantial privacy and AI work.
In-house experience at a healthcare or healthcare technology company strongly preferred.
Deep working command of HIPAA/HITECH — including the Privacy, Security, and Breach Notification Rules — and a demonstrated track record of building HIPAA Privacy programs.
Deep working command of U.S. state privacy laws and the emerging U.S. state AI law landscape.
Demonstrated track record of building or materially rebuilding an AI governance program — responsible AI policy design, AI use case review framework, model risk classification, and AI-related product review — not just operating an inherited one.
Demonstrated experience leading privacy incident response end-to-end, including regulator-facing notification and post-incident remediation.
Strong written communication and the credibility to take and defend a position with executives, the Board, regulators, and outside counsel.
Comfort operating in a fast-growth environment with imperfect data, parallel priorities, and the need to write the policy yourself before handing it off.
Nice to Have
Experience advising on healthcare AI deployment, including FDA SaMD/CDS analysis, clinical decision support governance, and patient-facing AI disclosures.
Familiarity with 42 CFR Part 2, the 21st Century Cures Act information blocking rules, and state Medicaid confidentiality requirements.
Familiarity with NIST AI RMF, ISO/IEC 42001, and other AI assurance frameworks.
Prior work with state Medicaid agencies, MCOs, or other government payors on privacy or data use matters.
Experience hiring, developing, and leading a small legal or privacy team.
IAPP certifications: CIPP/US strongly preferred; AIGP a meaningful plus; CIPM useful.
Benefits
Competitive compensation packages that reflect the value you bring.
Comprehensive health coverage that works for you.
Generous paid time off.
Team bonding.
Financial savings benefits to support your future.
Paid parental leave to support your growing family.